[   35.606789][   T25] audit: type=1800 audit(1554611810.673:27): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   35.636212][   T25] audit: type=1800 audit(1554611810.673:28): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[   36.441905][   T25] audit: type=1800 audit(1554611811.553:29): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   36.462782][   T25] audit: type=1800 audit(1554611811.553:30): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.195' (ECDSA) to the list of known hosts.
2019/04/07 04:37:05 fuzzer started
2019/04/07 04:37:08 dialing manager at 10.128.0.26:34543
2019/04/07 04:37:08 syscalls: 2408
2019/04/07 04:37:08 code coverage: enabled
2019/04/07 04:37:08 comparison tracing: enabled
2019/04/07 04:37:08 extra coverage: extra coverage is not supported by the kernel
2019/04/07 04:37:08 setuid sandbox: enabled
2019/04/07 04:37:08 namespace sandbox: enabled
2019/04/07 04:37:08 Android sandbox: /sys/fs/selinux/policy does not exist
2019/04/07 04:37:08 fault injection: enabled
2019/04/07 04:37:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/04/07 04:37:08 net packet injection: enabled
2019/04/07 04:37:08 net device setup: enabled
04:39:08 executing program 0:
perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x21)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000440)={0x803, 0x7fff, 0x9, 'queue1\x00', 0x9})
getsockname$unix(r0, &(0x7f0000000040)=@abs, &(0x7f00000002c0)=0x6e)
r2 = openat$zero(0xffffffffffffff9c, 0x0, 0x4800, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x1)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f00000007c0)={0xce68, 0x0, 0x1, 'queue1\x00'})
unlinkat(r2, &(0x7f0000000640)='./file0\x00', 0x200)

syzkaller login: [  173.513165][ T7642] IPVS: ftp: loaded support on port[0] = 21
04:39:08 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus640\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x200)

[  173.639725][ T7642] chnl_net:caif_netlink_parms(): no params data found
[  173.732710][ T7645] IPVS: ftp: loaded support on port[0] = 21
[  173.747603][ T7642] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.772217][ T7642] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.780444][ T7642] device bridge_slave_0 entered promiscuous mode
[  173.790658][ T7642] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.797857][ T7642] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.805725][ T7642] device bridge_slave_1 entered promiscuous mode
[  173.844679][ T7642] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  173.857052][ T7642] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  173.883909][ T7642] team0: Port device team_slave_0 added
04:39:09 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffa5}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48)

[  173.901237][ T7642] team0: Port device team_slave_1 added
[  173.984235][ T7642] device hsr_slave_0 entered promiscuous mode
04:39:09 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x20800000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x10000})
perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
fstat(r2, &(0x7f0000000140))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  174.092221][ T7642] device hsr_slave_1 entered promiscuous mode
[  174.160769][ T7642] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.168085][ T7642] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.176110][ T7642] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.183246][ T7642] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.227511][ T7647] IPVS: ftp: loaded support on port[0] = 21
[  174.267651][ T7649] IPVS: ftp: loaded support on port[0] = 21
04:39:09 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memt\x00\x8a\x11>\xe2\xf5bYQ\xf6\xf2\x8cro\xf8&\xbdL\x18\xbb\xfa`\xa8<\x9f\xb5\x03/\xb4\x93\xd0\xa5\xa0\nf\x18\xfd-b\xc2s\xccV\x0e3', 0x26e1, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000140))
write$cgroup_int(r1, &(0x7f0000000080), 0xffffff19)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000000)={0x0, 0x4})
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0xbcda34450b800b7a, 0x40000000000a132, 0xffffffffffffffff, 0x0)

[  174.321458][ T7645] chnl_net:caif_netlink_parms(): no params data found
[  174.495539][ T7649] chnl_net:caif_netlink_parms(): no params data found
[  174.506635][ T7642] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.549407][ T7645] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.556969][ T7645] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.564994][ T7645] device bridge_slave_0 entered promiscuous mode
[  174.573120][ T7645] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.580250][ T7645] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.588206][ T7645] device bridge_slave_1 entered promiscuous mode
[  174.605210][ T7645] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  174.621462][ T7642] 8021q: adding VLAN 0 to HW filter on device team0
[  174.643245][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  174.656868][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.676103][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.686045][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
04:39:09 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="ab8cce9aa8bc2038bdd0b55368d7205869e899b729c8c77f169e35b495a40bb6c211c80eb7ea5b2a7058ade301e3a620c6a41d3619d57f7833c5813e322e68bfea8b79a6698e3fc5a87fb2da49a0d50b556ee26170101476ee960092e5ae338abd3d6c946908329e538bd8c0fe742f652df4bf9cb182d00d5c02531c17da3654f6fb1b1671a8ca3faf760c2e3abc10801dbc1651fa090c695d8c679d1ad1530f0f299eb65aded0bddc502c0a7f77a31caf86b2232ce027e1818e9c89bdea33e1cb169c8e4da6f8431aabbd4c2cccce98d2c4162f1754165652014107bcb1715b96287c6051f4a049658d026e0fa510e1379ea3037420e4bcf805d89ac9ce7108a03b8ed19ac6e7d372f42e5de56fd405309458a8269139fc3b9a5a4af5a276577a8a2b21778d072433333ad038301deac5b99c4fd0d26d238e454feb95370924a23cde"], 0x143)

[  174.702130][ T7645] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  174.705270][ T7654] IPVS: ftp: loaded support on port[0] = 21
[  174.756804][ T7645] team0: Port device team_slave_0 added
[  174.807196][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  174.816210][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  174.831498][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.838731][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.846490][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  174.855340][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  174.864071][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.871126][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.878774][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  174.887506][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  174.896214][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  174.904657][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  174.913285][ T7649] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.920568][ T7649] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.928501][ T7649] device bridge_slave_0 entered promiscuous mode
[  174.937129][ T7649] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.944342][ T7649] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.952472][ T7649] device bridge_slave_1 entered promiscuous mode
[  174.963999][ T7645] team0: Port device team_slave_1 added
[  174.985844][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  174.995067][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  175.004088][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  175.016744][ T7642] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  175.027989][ T7642] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  175.053045][ T7649] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  175.064481][ T7649] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  175.078664][ T7647] chnl_net:caif_netlink_parms(): no params data found
[  175.088086][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  175.098507][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  175.107160][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  175.115840][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  175.124601][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  175.152672][ T7659] IPVS: ftp: loaded support on port[0] = 21
[  175.195199][ T7645] device hsr_slave_0 entered promiscuous mode
[  175.242376][ T7645] device hsr_slave_1 entered promiscuous mode
[  175.295929][ T7649] team0: Port device team_slave_0 added
[  175.328595][ T7647] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.336017][ T7647] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.344068][ T7647] device bridge_slave_0 entered promiscuous mode
[  175.353826][ T7649] team0: Port device team_slave_1 added
[  175.370185][ T7647] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.377669][ T7647] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.385341][ T7647] device bridge_slave_1 entered promiscuous mode
[  175.409115][ T7647] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  175.418866][ T7647] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  175.437530][ T7642] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.477580][ T7647] team0: Port device team_slave_0 added
[  175.485140][ T7647] team0: Port device team_slave_1 added
[  175.565554][ T7649] device hsr_slave_0 entered promiscuous mode
[  175.622062][ T7649] device hsr_slave_1 entered promiscuous mode
[  175.680428][ T7654] chnl_net:caif_netlink_parms(): no params data found
[  175.775198][ T7647] device hsr_slave_0 entered promiscuous mode
[  175.832240][ T7647] device hsr_slave_1 entered promiscuous mode
[  175.894408][    C0] hrtimer: interrupt took 28221 ns
[  175.923985][ T7654] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.931118][ T7654] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.942003][ T7654] device bridge_slave_0 entered promiscuous mode
[  175.949778][ T7654] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.957355][ T7654] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.965566][ T7654] device bridge_slave_1 entered promiscuous mode
04:39:11 executing program 0:
perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x21)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000440)={0x803, 0x7fff, 0x9, 'queue1\x00', 0x9})
getsockname$unix(r0, &(0x7f0000000040)=@abs, &(0x7f00000002c0)=0x6e)
r2 = openat$zero(0xffffffffffffff9c, 0x0, 0x4800, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x1)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f00000007c0)={0xce68, 0x0, 0x1, 'queue1\x00'})
unlinkat(r2, &(0x7f0000000640)='./file0\x00', 0x200)

[  176.007314][ T7659] chnl_net:caif_netlink_parms(): no params data found
[  176.057498][ T7645] 8021q: adding VLAN 0 to HW filter on device bond0
04:39:11 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10)
unlink(0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000000c0))

[  176.110592][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  176.126427][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  176.149627][ T7645] 8021q: adding VLAN 0 to HW filter on device team0
[  176.176202][ T7654] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  176.231114][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  176.259057][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  176.268425][ T7651] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.275652][ T7651] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.288486][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  176.297913][ T7654] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  176.309918][ T7659] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.317287][ T7659] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.328412][ T7659] device bridge_slave_0 entered promiscuous mode
[  176.330734][ T7674] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  176.345909][ T7674] FAT-fs (loop0): Filesystem has been set read-only
[  176.357604][ T7674] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
[  176.373594][   T25] audit: type=1804 audit(1554611951.483:31): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir850026289/syzkaller.t2Y34Z/2/file0/file0" dev="loop0" ino=3 res=1
[  176.401138][ T7676] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  176.419957][ T7654] team0: Port device team_slave_0 added
[  176.429741][ T7676] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
[  176.439380][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  176.448786][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  176.457756][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.464950][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
04:39:11 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10)
unlink(0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000000c0))

[  176.474822][ T7674] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  176.476005][ T7649] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.485201][ T7674] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
[  176.495115][ T7659] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.508359][ T7659] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.520552][ T7659] device bridge_slave_1 entered promiscuous mode
[  176.546064][ T7654] team0: Port device team_slave_1 added
[  176.577512][ T7649] 8021q: adding VLAN 0 to HW filter on device team0
[  176.593954][ T7659] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  176.622343][ T7659] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  176.637305][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  176.659806][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  176.682867][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  176.691509][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  176.700539][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  176.715674][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  176.728792][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  176.733308][ T7682] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  176.739947][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  176.745929][ T7682] FAT-fs (loop0): Filesystem has been set read-only
[  176.756784][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  176.762715][ T7682] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
[  176.771559][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  176.793503][ T7645] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
04:39:11 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10)
unlink(0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000000c0))

[  176.812058][ T7645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  176.830818][ T7647] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.894245][ T7654] device hsr_slave_0 entered promiscuous mode
[  176.922850][ T7654] device hsr_slave_1 entered promiscuous mode
[  176.963584][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  176.973642][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  176.982238][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  176.991047][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  177.000199][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  177.009351][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.015961][ T7688] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  177.016451][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.028252][ T7688] FAT-fs (loop0): Filesystem has been set read-only
[  177.045125][ T7688] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
[  177.047757][ T7645] 8021q: adding VLAN 0 to HW filter on device batadv0
04:39:12 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10)
unlink(0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f00000000c0))

[  177.079494][ T7659] team0: Port device team_slave_0 added
[  177.090805][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  177.099217][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  177.108275][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  177.117364][ T7655] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.124941][ T7655] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.133387][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  177.148105][ T7647] 8021q: adding VLAN 0 to HW filter on device team0
[  177.163591][ T7659] team0: Port device team_slave_1 added
[  177.170154][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  177.179752][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  177.187694][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  177.197014][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  177.206335][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  177.270645][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  177.293812][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  177.308783][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  177.320004][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.327425][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.336298][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  177.345963][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  177.363915][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.371158][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.382793][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  177.392421][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  177.401307][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  177.410012][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  177.419299][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  177.431402][ T7649] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  177.433959][ T7694] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  177.446191][ T7649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  177.462348][ T7694] FAT-fs (loop0): Filesystem has been set read-only
04:39:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000340)={0x1, 0x0, @ioapic={0x0, 0x0, 0xffffffff, 0x0, 0x0, [{0x1}, {}, {0x0, 0x0, 0x10001}, {0x0, 0x0, 0x9}, {0x0, 0x9, 0x0, [], 0x7}, {}, {0x0, 0x0, 0x0, [], 0x5}, {0x0, 0x6, 0x20}, {}, {}, {0x0, 0x2d97}, {}, {}, {0x0, 0x0, 0x44}, {}, {}, {}, {0x9}, {0x4}, {}, {}, {0x0, 0xffffffffffff0000}, {0x0, 0x40}]}})
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000000)={0x9, 0x10001})

[  177.470347][ T7647] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  177.478580][ T7694] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
[  177.482264][ T7647] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
04:39:12 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10)
unlink(0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)

[  177.538924][ T7659] device hsr_slave_0 entered promiscuous mode
[  177.568784][ T7659] device hsr_slave_1 entered promiscuous mode
[  177.574109][ T7709] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  177.602114][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  177.610017][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  177.647210][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  177.656402][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  177.666857][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  177.679427][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
04:39:12 executing program 1:
r0 = socket$inet_tcp(0x2, 0x3, 0x6)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x23)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="2321202e2f66576c65308b02d290dc57d330ae6f6f00e5aa2966dae73fa5d6867fe7c0eb8b10ce01005b0000d28db00655c39a43"], 0x34)
write$binfmt_script(r0, &(0x7f00000001c0)={'#! ', './file0', [], 0xa, "39980cfd42119cc4e10403390a306500"/25}, 0x24)

[  177.691260][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  177.706879][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  177.718730][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  177.744820][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  177.753674][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  177.762963][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  177.791190][ T7647] 8021q: adding VLAN 0 to HW filter on device batadv0
[  177.804153][ T7720] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7720
[  177.814247][ T7720] caller is sk_mc_loop+0x1d/0x210
[  177.819296][ T7720] CPU: 1 PID: 7720 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19
[  177.828321][ T7720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  177.838530][ T7720] Call Trace:
[  177.841855][ T7720]  dump_stack+0x172/0x1f0
[  177.846216][ T7720]  __this_cpu_preempt_check+0x246/0x270
[  177.851779][ T7720]  sk_mc_loop+0x1d/0x210
[  177.856052][ T7720]  ip_mc_output+0x2ef/0xf70
[  177.860571][ T7720]  ? __ip_queue_xmit+0x1bf0/0x1bf0
[  177.865691][ T7720]  ? __ip_make_skb+0xf15/0x1820
[  177.870553][ T7720]  ? ip_append_data.part.0+0x170/0x170
[  177.876121][ T7720]  ? dst_release+0x62/0xb0
[  177.880546][ T7720]  ? __ip_make_skb+0xf93/0x1820
[  177.885402][ T7720]  ip_local_out+0xc4/0x1b0
[  177.889827][ T7720]  ip_send_skb+0x42/0xf0
[  177.894081][ T7720]  ip_push_pending_frames+0x64/0x80
[  177.899406][ T7720]  raw_sendmsg+0x1e6d/0x2f20
[  177.904181][ T7720]  ? finish_task_switch+0x46/0x780
[  177.909333][ T7720]  ? compat_raw_getsockopt+0x100/0x100
[  177.914894][ T7720]  ? __sched_text_start+0x8/0x8
[  177.919758][ T7720]  ? preempt_schedule+0x4b/0x60
[  177.924790][ T7720]  ? preempt_schedule_common+0x4f/0xe0
[  177.930440][ T7720]  ? ___might_sleep+0x163/0x280
[  177.935301][ T7720]  ? __might_sleep+0x95/0x190
[  177.940012][ T7720]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  177.945837][ T7720]  ? aa_sk_perm+0x288/0x880
[  177.950355][ T7720]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  177.955911][ T7720]  inet_sendmsg+0x147/0x5e0
[  177.960454][ T7720]  ? compat_raw_getsockopt+0x100/0x100
[  177.966203][ T7720]  ? inet_sendmsg+0x147/0x5e0
[  177.970898][ T7720]  ? ipip_gro_receive+0x100/0x100
[  177.975935][ T7720]  sock_sendmsg+0xdd/0x130
[  177.980372][ T7720]  sock_write_iter+0x27c/0x3e0
[  177.985164][ T7720]  ? sock_sendmsg+0x130/0x130
[  177.990042][ T7720]  ? aa_path_link+0x460/0x460
[  178.001299][ T7720]  ? find_held_lock+0x35/0x130
[  178.006080][ T7720]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  178.012331][ T7720]  ? iov_iter_init+0xee/0x220
[  178.017019][ T7720]  new_sync_write+0x4c7/0x760
[  178.021713][ T7720]  ? default_llseek+0x2e0/0x2e0
[  178.026720][ T7720]  ? common_file_perm+0x238/0x720
[  178.031760][ T7720]  ? __fget+0x381/0x550
[  178.035929][ T7720]  ? apparmor_file_permission+0x25/0x30
[  178.041574][ T7720]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  178.047828][ T7720]  ? security_file_permission+0x94/0x380
[  178.053475][ T7720]  __vfs_write+0xe4/0x110
[  178.057902][ T7720]  vfs_write+0x20c/0x580
[  178.062162][ T7720]  ksys_write+0xea/0x1f0
[  178.066414][ T7720]  ? __ia32_sys_read+0xb0/0xb0
[  178.071189][ T7720]  ? do_syscall_64+0x26/0x610
[  178.076750][ T7720]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  178.082836][ T7720]  ? do_syscall_64+0x26/0x610
[  178.087553][ T7720]  __x64_sys_write+0x73/0xb0
[  178.092458][ T7720]  do_syscall_64+0x103/0x610
[  178.097072][ T7720]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  178.102964][ T7720] RIP: 0033:0x4582b9
[  178.107043][ T7720] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  178.126911][ T7720] RSP: 002b:00007f0084acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  178.135543][ T7720] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  178.143629][ T7720] RDX: 0000000000000034 RSI: 0000000020000300 RDI: 0000000000000003
[  178.151604][ T7720] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  178.159840][ T7720] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0084ace6d4
[  178.167912][ T7720] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff
[  178.180760][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  178.181904][ T7721] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7721
[  178.197907][ T7721] caller is sk_mc_loop+0x1d/0x210
[  178.203013][ T7721] CPU: 1 PID: 7721 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19
[  178.211325][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  178.212360][ T7721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  178.212366][ T7721] Call Trace:
[  178.212393][ T7721]  dump_stack+0x172/0x1f0
[  178.212419][ T7721]  __this_cpu_preempt_check+0x246/0x270
[  178.212437][ T7721]  sk_mc_loop+0x1d/0x210
[  178.212452][ T7721]  ip_mc_output+0x2ef/0xf70
[  178.212470][ T7721]  ? __ip_queue_xmit+0x1bf0/0x1bf0
[  178.212489][ T7721]  ? __ip_make_skb+0xf15/0x1820
[  178.235843][ T7649] 8021q: adding VLAN 0 to HW filter on device batadv0
[  178.237973][ T7721]  ? ip_append_data.part.0+0x170/0x170
[  178.269324][ T7721]  ? dst_release+0x62/0xb0
[  178.279203][ T7721]  ? __ip_make_skb+0xf93/0x1820
[  178.284268][ T7721]  ip_local_out+0xc4/0x1b0
[  178.288789][ T7721]  ip_send_skb+0x42/0xf0
[  178.293066][ T7721]  ip_push_pending_frames+0x64/0x80
[  178.298283][ T7721]  raw_sendmsg+0x1e6d/0x2f20
[  178.301176][ T7654] 8021q: adding VLAN 0 to HW filter on device bond0
[  178.302889][ T7721]  ? compat_raw_getsockopt+0x100/0x100
[  178.302933][ T7721]  ? ___might_sleep+0x163/0x280
[  178.320028][ T7721]  ? __might_sleep+0x95/0x190
[  178.324840][ T7721]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  178.330518][ T7721]  ? aa_sk_perm+0x288/0x880
[  178.335071][ T7721]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  178.340638][ T7721]  inet_sendmsg+0x147/0x5e0
[  178.344448][ T7654] 8021q: adding VLAN 0 to HW filter on device team0
[  178.345186][ T7721]  ? compat_raw_getsockopt+0x100/0x100
[  178.357438][ T7721]  ? inet_sendmsg+0x147/0x5e0
[  178.362132][ T7721]  ? ipip_gro_receive+0x100/0x100
[  178.367181][ T7721]  sock_sendmsg+0xdd/0x130
[  178.371617][ T7721]  sock_write_iter+0x27c/0x3e0
[  178.376404][ T7721]  ? sock_sendmsg+0x130/0x130
[  178.381107][ T7721]  ? aa_path_link+0x460/0x460
[  178.385824][ T7721]  ? find_held_lock+0x35/0x130
[  178.390695][ T7721]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  178.396951][ T7721]  ? iov_iter_init+0xee/0x220
[  178.401674][ T7721]  new_sync_write+0x4c7/0x760
[  178.406461][ T7721]  ? default_llseek+0x2e0/0x2e0
[  178.411486][ T7721]  ? common_file_perm+0x238/0x720
[  178.416380][ T7654] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  178.416521][ T7721]  ? __fget+0x381/0x550
[  178.431076][ T7721]  ? apparmor_file_permission+0x25/0x30
[  178.436722][ T7721]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  178.441687][ T7654] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  178.442965][ T7721]  ? security_file_permission+0x94/0x380
[  178.442987][ T7721]  __vfs_write+0xe4/0x110
[  178.463526][ T7721]  vfs_write+0x20c/0x580
[  178.467870][ T7721]  ksys_write+0xea/0x1f0
[  178.472121][ T7721]  ? __ia32_sys_read+0xb0/0xb0
[  178.477064][ T7721]  ? do_syscall_64+0x26/0x610
[  178.481840][ T7721]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  178.487949][ T7721]  ? do_syscall_64+0x26/0x610
[  178.492643][ T7721]  __x64_sys_write+0x73/0xb0
[  178.497245][ T7721]  do_syscall_64+0x103/0x610
[  178.501854][ T7721]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  178.503784][ T7654] 8021q: adding VLAN 0 to HW filter on device batadv0
[  178.507768][ T7721] RIP: 0033:0x4582b9
[  178.518500][ T7721] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  178.538844][ T7721] RSP: 002b:00007f0084aacc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  178.538859][ T7721] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  178.538866][ T7721] RDX: 0000000000000024 RSI: 00000000200001c0 RDI: 0000000000000003
[  178.538873][ T7721] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  178.538880][ T7721] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0084aad6d4
[  178.538894][ T7721] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff
[  178.603723][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  178.611533][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  178.640890][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  178.660623][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  178.671261][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.678485][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  178.691415][ T7720] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7720
[  178.692000][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  178.700992][ T7720] caller is sk_mc_loop+0x1d/0x210
[  178.714016][ T7720] CPU: 1 PID: 7720 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19
[  178.715120][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  178.723049][ T7720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  178.723054][ T7720] Call Trace:
[  178.723081][ T7720]  dump_stack+0x172/0x1f0
[  178.723102][ T7720]  __this_cpu_preempt_check+0x246/0x270
[  178.723118][ T7720]  sk_mc_loop+0x1d/0x210
[  178.723135][ T7720]  ip_mc_output+0x2ef/0xf70
[  178.723151][ T7720]  ? __ip_queue_xmit+0x1bf0/0x1bf0
[  178.723164][ T7720]  ? __ip_make_skb+0xf15/0x1820
[  178.723181][ T7720]  ? ip_append_data.part.0+0x170/0x170
[  178.723193][ T7720]  ? dst_release+0x62/0xb0
[  178.723212][ T7720]  ? __ip_make_skb+0xf93/0x1820
[  178.731965][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.741304][ T7720]  ip_local_out+0xc4/0x1b0
[  178.741323][ T7720]  ip_send_skb+0x42/0xf0
[  178.741338][ T7720]  ip_push_pending_frames+0x64/0x80
[  178.741352][ T7720]  raw_sendmsg+0x1e6d/0x2f20
[  178.741375][ T7720]  ? compat_raw_getsockopt+0x100/0x100
[  178.744715][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.748982][ T7720]  ? __switch_to_asm+0x40/0x70
[  178.755076][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  178.758733][ T7720]  ? __schedule+0x81f/0x1cc0
[  178.758760][ T7720]  ? ___might_sleep+0x163/0x280
[  178.758790][ T7720]  ? ___might_sleep+0x163/0x280
[  178.764166][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  178.768403][ T7720]  ? __might_sleep+0x95/0x190
[  178.768421][ T7720]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  178.768435][ T7720]  ? aa_sk_perm+0x288/0x880
[  178.768455][ T7720]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  178.768473][ T7720]  inet_sendmsg+0x147/0x5e0
[  178.774179][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  178.778776][ T7720]  ? compat_raw_getsockopt+0x100/0x100
[  178.778793][ T7720]  ? inet_sendmsg+0x147/0x5e0
[  178.778807][ T7720]  ? ipip_gro_receive+0x100/0x100
[  178.778824][ T7720]  sock_sendmsg+0xdd/0x130
[  178.778842][ T7720]  sock_write_iter+0x27c/0x3e0
[  178.784118][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  178.788201][ T7720]  ? sock_sendmsg+0x130/0x130
[  178.788227][ T7720]  ? aa_path_link+0x460/0x460
[  178.788240][ T7720]  ? find_held_lock+0x35/0x130
[  178.788253][ T7720]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  178.788271][ T7720]  ? iov_iter_init+0xee/0x220
[  178.796203][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  178.799699][ T7720]  new_sync_write+0x4c7/0x760
[  178.799718][ T7720]  ? default_llseek+0x2e0/0x2e0
[  178.799749][ T7720]  ? common_file_perm+0x238/0x720
[  178.799768][ T7720]  ? __fget+0x381/0x550
[  178.805849][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  178.809220][ T7720]  ? apparmor_file_permission+0x25/0x30
[  178.809237][ T7720]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  178.809252][ T7720]  ? security_file_permission+0x94/0x380
[  178.809272][ T7720]  __vfs_write+0xe4/0x110
[  178.814595][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  178.819391][ T7720]  vfs_write+0x20c/0x580
[  178.819412][ T7720]  ksys_write+0xea/0x1f0
[  178.819428][ T7720]  ? __ia32_sys_read+0xb0/0xb0
[  178.819448][ T7720]  ? do_syscall_64+0x26/0x610
[  178.833897][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  178.837883][ T7720]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  178.837899][ T7720]  ? do_syscall_64+0x26/0x610
[  178.837922][ T7720]  __x64_sys_write+0x73/0xb0
[  178.837944][ T7720]  do_syscall_64+0x103/0x610
[  178.846982][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  178.850764][ T7720]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  178.850781][ T7720] RIP: 0033:0x4582b9
[  178.850796][ T7720] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  178.850803][ T7720] RSP: 002b:00007f0084acdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  178.856269][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  178.861454][ T7720] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  178.861462][ T7720] RDX: 0000000000000034 RSI: 0000000020000300 RDI: 0000000000000004
[  178.861469][ T7720] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  178.861475][ T7720] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0084ace6d4
[  178.861482][ T7720] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff
[  178.898384][ T7721] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.1/7721
[  178.936545][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  178.940811][ T7721] caller is sk_mc_loop+0x1d/0x210
[  178.940832][ T7721] CPU: 1 PID: 7721 Comm: syz-executor.1 Not tainted 5.1.0-rc3-next-20190405 #19
[  178.958852][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  178.962706][ T7721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  178.962711][ T7721] Call Trace:
[  178.962736][ T7721]  dump_stack+0x172/0x1f0
[  178.962757][ T7721]  __this_cpu_preempt_check+0x246/0x270
[  178.962784][ T7721]  sk_mc_loop+0x1d/0x210
[  178.974144][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  178.981589][ T7721]  ip_mc_output+0x2ef/0xf70
[  178.981608][ T7721]  ? __ip_queue_xmit+0x1bf0/0x1bf0
[  178.981621][ T7721]  ? __ip_make_skb+0xf15/0x1820
[  178.981640][ T7721]  ? ip_append_data.part.0+0x170/0x170
[  178.981651][ T7721]  ? dst_release+0x62/0xb0
[  178.981668][ T7721]  ? __ip_make_skb+0xf93/0x1820
[  179.282648][ T7721]  ip_local_out+0xc4/0x1b0
[  179.287139][ T7721]  ip_send_skb+0x42/0xf0
[  179.291364][ T7721]  ip_push_pending_frames+0x64/0x80
[  179.296548][ T7721]  raw_sendmsg+0x1e6d/0x2f20
[  179.301132][ T7721]  ? compat_raw_getsockopt+0x100/0x100
[  179.306708][ T7721]  ? __switch_to_asm+0x40/0x70
[  179.311461][ T7721]  ? __schedule+0x81f/0x1cc0
[  179.316045][ T7721]  ? ___might_sleep+0x163/0x280
[  179.320885][ T7721]  ? ___might_sleep+0x163/0x280
[  179.325720][ T7721]  ? __might_sleep+0x95/0x190
[  179.330384][ T7721]  ? debug_lockdep_rcu_enabled+0x71/0xa0
[  179.336004][ T7721]  ? aa_sk_perm+0x288/0x880
[  179.340766][ T7721]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  179.346436][ T7721]  inet_sendmsg+0x147/0x5e0
[  179.350922][ T7721]  ? compat_raw_getsockopt+0x100/0x100
[  179.356360][ T7721]  ? inet_sendmsg+0x147/0x5e0
[  179.361020][ T7721]  ? ipip_gro_receive+0x100/0x100
[  179.366293][ T7721]  sock_sendmsg+0xdd/0x130
[  179.370699][ T7721]  sock_write_iter+0x27c/0x3e0
[  179.375458][ T7721]  ? sock_sendmsg+0x130/0x130
[  179.380659][ T7721]  ? aa_path_link+0x460/0x460
[  179.385341][ T7721]  ? find_held_lock+0x35/0x130
[  179.390106][ T7721]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  179.396418][ T7721]  ? iov_iter_init+0xee/0x220
[  179.401087][ T7721]  new_sync_write+0x4c7/0x760
[  179.405753][ T7721]  ? default_llseek+0x2e0/0x2e0
[  179.410617][ T7721]  ? common_file_perm+0x238/0x720
[  179.415973][ T7721]  ? __fget+0x381/0x550
[  179.420298][ T7721]  ? apparmor_file_permission+0x25/0x30
[  179.426097][ T7721]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  179.432329][ T7721]  ? security_file_permission+0x94/0x380
[  179.438104][ T7721]  __vfs_write+0xe4/0x110
[  179.442602][ T7721]  vfs_write+0x20c/0x580
[  179.446843][ T7721]  ksys_write+0xea/0x1f0
[  179.451112][ T7721]  ? __ia32_sys_read+0xb0/0xb0
[  179.455867][ T7721]  ? do_syscall_64+0x26/0x610
[  179.460529][ T7721]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  179.466576][ T7721]  ? do_syscall_64+0x26/0x610
[  179.471239][ T7721]  __x64_sys_write+0x73/0xb0
[  179.475818][ T7721]  do_syscall_64+0x103/0x610
[  179.480525][ T7721]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  179.486402][ T7721] RIP: 0033:0x4582b9
[  179.490285][ T7721] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  179.510201][ T7721] RSP: 002b:00007f0084aacc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  179.518601][ T7721] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  179.526738][ T7721] RDX: 0000000000000024 RSI: 00000000200001c0 RDI: 0000000000000004
[  179.534696][ T7721] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
[  179.542650][ T7721] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0084aad6d4
[  179.550713][ T7721] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff
04:39:14 executing program 2:
r0 = perf_event_open(&(0x7f0000000300)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0)
poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0)

[  179.657523][ T7659] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.706806][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  179.719866][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  179.738490][ T7659] 8021q: adding VLAN 0 to HW filter on device team0
[  179.753740][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  179.766950][ T7656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  179.777483][ T7656] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.784632][ T7656] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.808319][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  179.822979][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  179.856513][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  179.887463][ T7655] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.894633][ T7655] bridge0: port 2(bridge_slave_1) entered forwarding state
04:39:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x20800000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x10000})
perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
fstat(r2, &(0x7f0000000140))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

04:39:15 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10)
unlink(0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)

[  179.912589][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  179.930459][ T7655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  179.970102][ T7659] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  180.005668][ T7659] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  180.030338][ T7659] 8021q: adding VLAN 0 to HW filter on device batadv0
[  180.051436][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  180.060839][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  180.069963][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  180.079280][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  180.100056][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  180.114919][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  180.124013][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  180.132798][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  180.140137][ T7750] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  180.167510][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  180.168293][ T7750] FAT-fs (loop0): Filesystem has been set read-only
[  180.185144][ T7750] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
[  180.192121][ T7651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  180.304773][ T7759] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7759
[  180.315788][ T7759] caller is ip6_finish_output+0x335/0xdc0
[  180.321697][ T7759] CPU: 1 PID: 7759 Comm: syz-executor.5 Not tainted 5.1.0-rc3-next-20190405 #19
[  180.330897][ T7759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  180.341245][ T7759] Call Trace:
[  180.344735][ T7759]  dump_stack+0x172/0x1f0
[  180.349102][ T7759]  __this_cpu_preempt_check+0x246/0x270
[  180.354647][ T7759]  ip6_finish_output+0x335/0xdc0
[  180.359671][ T7759]  ip6_output+0x235/0x7f0
[  180.364115][ T7759]  ? ip6_finish_output+0xdc0/0xdc0
[  180.369213][ T7759]  ? ip6_fragment+0x3980/0x3980
[  180.374045][ T7759]  ? retint_kernel+0x2d/0x2d
[  180.378630][ T7759]  ip6_local_out+0xc4/0x1b0
[  180.383113][ T7759]  ip6_send_skb+0xbb/0x350
[  180.387518][ T7759]  ip6_push_pending_frames+0xc8/0xf0
[  180.392984][ T7759]  rawv6_sendmsg+0x299c/0x35e0
[  180.397742][ T7759]  ? rawv6_getsockopt+0x150/0x150
[  180.402839][ T7759]  ? aa_profile_af_perm+0x320/0x320
[  180.408546][ T7759]  ? trace_hardirqs_on_caller+0x6a/0x220
[  180.414209][ T7759]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  180.419690][ T7759]  ? retint_kernel+0x2d/0x2d
[  180.424265][ T7759]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  180.429775][ T7759]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  180.435224][ T7759]  ? lockdep_hardirqs_on+0x418/0x5d0
[  180.440497][ T7759]  ? retint_kernel+0x2d/0x2d
[  180.445072][ T7759]  ? trace_hardirqs_on_caller+0x6a/0x220
[  180.450787][ T7759]  ? retint_kernel+0x2d/0x2d
[  180.455367][ T7759]  ? ipip_gro_receive+0x100/0x100
[  180.460385][ T7759]  inet_sendmsg+0x147/0x5e0
[  180.464870][ T7759]  ? rawv6_getsockopt+0x150/0x150
[  180.469873][ T7759]  ? inet_sendmsg+0x147/0x5e0
[  180.474531][ T7759]  ? ipip_gro_receive+0x100/0x100
[  180.479651][ T7759]  sock_sendmsg+0xdd/0x130
[  180.484071][ T7759]  sock_write_iter+0x27c/0x3e0
[  180.488958][ T7759]  ? sock_sendmsg+0x130/0x130
[  180.493641][ T7759]  ? iov_iter_init+0x30/0x220
[  180.498305][ T7759]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  180.504559][ T7759]  ? iov_iter_init+0xee/0x220
[  180.510014][ T7759]  new_sync_write+0x4c7/0x760
[  180.514885][ T7759]  ? default_llseek+0x2e0/0x2e0
[  180.519839][ T7759]  ? common_file_perm+0x238/0x720
[  180.524861][ T7759]  ? apparmor_file_permission+0x25/0x30
[  180.530424][ T7759]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  180.536838][ T7759]  ? security_file_permission+0x94/0x380
[  180.542595][ T7759]  __vfs_write+0xe4/0x110
[  180.546932][ T7759]  vfs_write+0x20c/0x580
[  180.551198][ T7759]  ksys_write+0xea/0x1f0
[  180.555435][ T7759]  ? __ia32_sys_read+0xb0/0xb0
[  180.560364][ T7759]  ? do_syscall_64+0x26/0x610
[  180.565043][ T7759]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  180.571097][ T7759]  ? do_syscall_64+0x26/0x610
[  180.576458][ T7759]  __x64_sys_write+0x73/0xb0
[  180.581035][ T7759]  do_syscall_64+0x103/0x610
[  180.585822][ T7759]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  180.591698][ T7759] RIP: 0033:0x4582b9
[  180.595582][ T7759] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  180.615267][ T7759] RSP: 002b:00007fa948a85c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  180.623843][ T7759] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  180.631805][ T7759] RDX: 0000000000000143 RSI: 00000000200001c0 RDI: 0000000000000004
[  180.639794][ T7759] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  180.647970][ T7759] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa948a866d4
[  180.655939][ T7759] R13: 00000000004c7a3b R14: 00000000004ddaf0 R15: 00000000ffffffff
04:39:15 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="ab8cce9aa8bc2038bdd0b55368d7205869e899b729c8c77f169e35b495a40bb6c211c80eb7ea5b2a7058ade301e3a620c6a41d3619d57f7833c5813e322e68bfea8b79a6698e3fc5a87fb2da49a0d50b556ee26170101476ee960092e5ae338abd3d6c946908329e538bd8c0fe742f652df4bf9cb182d00d5c02531c17da3654f6fb1b1671a8ca3faf760c2e3abc10801dbc1651fa090c695d8c679d1ad1530f0f299eb65aded0bddc502c0a7f77a31caf86b2232ce027e1818e9c89bdea33e1cb169c8e4da6f8431aabbd4c2cccce98d2c4162f1754165652014107bcb1715b96287c6051f4a049658d026e0fa510e1379ea3037420e4bcf805d89ac9ce7108a03b8ed19ac6e7d372f42e5de56fd405309458a8269139fc3b9a5a4af5a276577a8a2b21778d072433333ad038301deac5b99c4fd0d26d238e454feb95370924a23cde"], 0x143)

04:39:15 executing program 1:
mkdir(&(0x7f0000000bc0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='proc\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000300)='./file0\x00', 0x0, 0x0)
linkat(r0, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0)

04:39:15 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
ioctl$sock_ifreq(r0, 0x8000200008924, &(0x7f0000000000)={'batadv0\x00', @ifru_settings={0x1, 0x0, @fr_pvc=0x0}})

04:39:15 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10)
unlink(0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev}}, 0x3ff, 0x0, 0x401, 0xf1, 0x4}, 0x98)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:15 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='\x00\xcd\x94\xa4\x84\x00\b\x00\x00\x00\x00\x00\x00]\v\xbf\x9a\xcb')
renameat2(r0, &(0x7f0000000040)='./bus\x00', r0, &(0x7f0000000080)='./bus\x00', 0x0)

04:39:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x20800000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x10000})
perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
fstat(r2, &(0x7f0000000140))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

04:39:15 executing program 2:
perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000280)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000440)=[{&(0x7f0000000580)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)

04:39:15 executing program 1:
r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0)
read(r0, &(0x7f0000000040)=""/28, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000300)={0x200000000bf})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0xc05c5340, &(0x7f00000003c0)={0x0, @time})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue0\x00'})
r1 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00000001c0))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x0, 0x1c9c380}}, 0x0)
tkill(r1, 0x14)

04:39:15 executing program 4:
unshare(0x600)
r0 = perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
open(0x0, 0x0, 0x0)
fcntl$setpipe(r0, 0x407, 0x1)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1f}, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'})
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0)

04:39:16 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x20800000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x10000})
perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
fstat(r2, &(0x7f0000000140))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

04:39:16 executing program 5:
r0 = socket(0x20000000000000a, 0x2000000000001, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bond0\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'bond0\x00', 0xffb})

[  181.010271][ T7772] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  181.055093][ T7772] FAT-fs (loop0): Filesystem has been set read-only
[  181.086546][ T7772] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
04:39:16 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10)
unlink(0x0)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:16 executing program 2:
unshare(0x600)
r0 = perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x21)
getsockname$unix(r1, &(0x7f0000000040)=@abs, &(0x7f00000002c0)=0x6e)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
fcntl$setpipe(r0, 0x407, 0x1)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000300)={0x0, 0x100000001, 0x963, 0x1f}, &(0x7f0000000340)=0x10)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'})
pwrite64(r2, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000007c0)={0x0, 0x0, 0x1, 'queue1\x00'})
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000500)={0x2, 0x2})
unlinkat(0xffffffffffffffff, &(0x7f0000000640)='./file0\x00', 0x200)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x2000)

04:39:16 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
syz_mount_image$xfs(&(0x7f0000000180)='xfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

04:39:16 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

04:39:16 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

[  181.530143][ T7804] device bond0 entered promiscuous mode
[  181.542855][ T7821] XFS (loop4): Invalid superblock magic number
[  181.547731][ T7807] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  181.561553][ T7804] device bond_slave_0 entered promiscuous mode
04:39:16 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

[  181.578430][ T7804] device bond_slave_1 entered promiscuous mode
[  181.588264][ T7807] FAT-fs (loop0): Filesystem has been set read-only
[  181.615783][ T7807] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
[  181.626624][ T7804] 8021q: adding VLAN 0 to HW filter on device bond0
04:39:16 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='\x00\xcd\x94\xa4\x84\x00\b\x00\x00\x00\x00\x00\x00]\v\xbf\x9a\xcb')
mknodat(r0, &(0x7f0000000480)='./bus\x00', 0x0, 0x0)

04:39:16 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

04:39:16 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = dup3(r0, r1, 0x0)
ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0x0, 0xfff})

04:39:16 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getpeername$inet(r0, &(0x7f0000000080), &(0x7f00000001c0)=0x10)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:16 executing program 3:
bpf$PROG_LOAD(0x5, 0x0, 0x0)

[  181.866869][ T7801] device bond0 left promiscuous mode
[  181.876911][ T7801] device bond_slave_0 left promiscuous mode
[  181.902417][ T7801] device bond_slave_1 left promiscuous mode
[  182.094472][ T7804] device bond0 entered promiscuous mode
[  182.134298][ T7804] device bond_slave_0 entered promiscuous mode
[  182.185323][ T7804] device bond_slave_1 entered promiscuous mode
[  182.214504][ T7804] 8021q: adding VLAN 0 to HW filter on device bond0
04:39:17 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00')
lseek(r0, 0xfffffffffffffffd, 0x0)

04:39:17 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r0, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"v\x19n{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00')
lseek(r1, 0x0, 0x0)

04:39:17 executing program 3:
bpf$PROG_LOAD(0x5, 0x0, 0x0)

[  182.243228][ T7857] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  182.267377][ T7857] FAT-fs (loop0): Filesystem has been set read-only
04:39:17 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffbd, 0x0, 0xa, 0x0, 0x0, 0x14}}, &(0x7f0000003ff6)='GPL\x00', 0x3, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

04:39:17 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x20800000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0))
perf_event_open(&(0x7f0000000040)={0x0, 0x23b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
fstat(r2, &(0x7f0000000140))
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

04:39:17 executing program 3:
bpf$PROG_LOAD(0x5, 0x0, 0x0)

04:39:17 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_UIE_OFF(r0, 0x7004)

04:39:17 executing program 5:
socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000680)='stat\x00')
r2 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={@mcast1, @mcast1, @mcast1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x10000000200})
r3 = dup(r0)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000640)='fou\x00')
sendmsg$FOU_CMD_GET(r3, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x820000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="06002bbd7000fbdbdf25030000000800040001000000080001004e"], 0x1}, 0x1, 0x0, 0x0, 0x80}, 0x240440d4)
syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00')
ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MON_SET(r4, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4844}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
readv(r5, &(0x7f0000000100), 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)

[  182.299843][ T7857] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
04:39:17 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:17 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

04:39:17 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00')
write$FUSE_WRITE(r0, 0x0, 0x0)

04:39:17 executing program 4:
syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

04:39:17 executing program 1:
openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pipe(0x0)
syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00')
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='memory.high\x00f\xe0\a\xbc\x19W\x95\bY\xe6\x1a\x10L\x84Q\xcd\xf5\xa1c\x8f\xe9I5R=\xad\xfa\x9c\aY\xef\x01,\xc25K\x8b\xf9\x0e\x90\xff<\x00\xa9\xe0x\xfaq\xd7-Z\f\x85&\"<\xb8Y\x8aD\xc7\x00\xe7\xe4 \xa2\xb6g(Z\xd5w\x84\xd1\x99X\xdaQ+-\xf1\v$\xcdv\xe6`\\\xc4\xdf\x1eN\x8c\\\x9c\xe8T\x06\x8eLk\x88\x9d2d\xe0:3S\xef\x8b\x10\xa8\x89\xa4\xfe\xea\x01\x05\xfb\x81\x7f\x15\xe4b\xf0\x9c[\x91\x1d \xc0>\xaeg\xaa\r\xe5\r\xc7x.\x8c8\x83\x8eIO\xb8\\N1#H\xf2\x8f\x03V\xcf\xdb\xc8\xda\xa7)\x7f\xe6\xe3[\xf3', 0x2, 0x0)
writev(r1, &(0x7f0000000700), 0x10000000000000bf)

04:39:17 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

04:39:17 executing program 2:
r0 = socket(0x2, 0x5, 0x0)
connect$unix(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="82022e2fe6696c653000"], 0x1)

04:39:17 executing program 5:
socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000680)='stat\x00')
r2 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000002c0)={@mcast1, @mcast1, @mcast1, 0x0, 0x0, 0x0, 0xb, 0x0, 0x10000000200})
r3 = dup(r0)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000640)='fou\x00')
sendmsg$FOU_CMD_GET(r3, &(0x7f0000000700)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x820000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="06002bbd7000fbdbdf25030000000800040001000000080001004e"], 0x1}, 0x1, 0x0, 0x0, 0x80}, 0x240440d4)
syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00')
ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MON_SET(r4, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4844}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)
readv(r5, &(0x7f0000000100), 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)

04:39:17 executing program 2:
r0 = open(&(0x7f0000000080)='./file0\x00', 0x80000000000206, 0x0)
truncate(&(0x7f0000000000)='./file0\x00', 0x208020001)
lseek(r0, 0x0, 0x3)
poll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0)
socket$inet6_udp(0x1c, 0x2, 0x0)
exit(0x0)
mprotect(&(0x7f0000ff9000/0x5000)=nil, 0x5000, 0x0)
poll(0x0, 0x0, 0x0)
socket$inet6_udp(0x1c, 0x2, 0x0)

[  182.840781][ T7910] XFS (loop4): Invalid superblock magic number
04:39:18 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

04:39:18 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:18 executing program 5:
r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0)
read(r0, &(0x7f0000000040)=""/28, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000300)={0x200000000bf})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001400)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00000001c0))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x0, 0x1c9c380}}, 0x0)
tkill(r2, 0x14)

04:39:18 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:18 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:18 executing program 1:
openat$proc_capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pipe(0x0)
syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00')
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='memory.high\x00f\xe0\a\xbc\x19W\x95\bY\xe6\x1a\x10L\x84Q\xcd\xf5\xa1c\x8f\xe9I5R=\xad\xfa\x9c\aY\xef\x01,\xc25K\x8b\xf9\x0e\x90\xff<\x00\xa9\xe0x\xfaq\xd7-Z\f\x85&\"<\xb8Y\x8aD\xc7\x00\xe7\xe4 \xa2\xb6g(Z\xd5w\x84\xd1\x99X\xdaQ+-\xf1\v$\xcdv\xe6`\\\xc4\xdf\x1eN\x8c\\\x9c\xe8T\x06\x8eLk\x88\x9d2d\xe0:3S\xef\x8b\x10\xa8\x89\xa4\xfe\xea\x01\x05\xfb\x81\x7f\x15\xe4b\xf0\x9c[\x91\x1d \xc0>\xaeg\xaa\r\xe5\r\xc7x.\x8c8\x83\x8eIO\xb8\\N1#H\xf2\x8f\x03V\xcf\xdb\xc8\xda\xa7)\x7f\xe6\xe3[\xf3', 0x2, 0x0)
writev(r1, &(0x7f0000000700), 0x10000000000000bf)

04:39:18 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:18 executing program 4:
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f00000000c0))
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2)
ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000003"])

04:39:18 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:18 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='memory.high\x00f\xe0\a\xbc\x19W\x95\bY\xe6\x1a\x10L\x84Q\xcd\xf5\xa1c\x8f\xe9I5R=\xad\xfa\x9c\aY\xef\x01,\xc25K\x8b\xf9\x0e\x90\xff<\x00\xa9\xe0x\xfaq\xd7-Z\f\x85&\"<\xb8Y\x8aD\xc7\x00\xe7\xe4 \xa2\xb6g(Z\xd5w\x84\xd1\x99X\xdaQ+-\xf1\v$\xcdv\xe6`\\\xc4\xdf\x1eN\x8c\\\x9c\xe8T\x06\x8eLk\x88\x9d2d\xe0:3S\xef\x8b\x10\xa8\x89\xa4\xfe\xea\x01\x05\xfb\x81\x7f\x15\xe4b\xf0\x9c[\x91\x1d \xc0>\xaeg\xaa\r\xe5\r\xc7x.\x8c8\x83\x8eIO\xb8\\N1#H\xf2\x8f\x03V\xcf\xdb\xc8\xda\xa7)\x7f\xe6\xe3[\xf3', 0x2, 0x0)
writev(r1, &(0x7f0000000700), 0x10000000000000bf)

04:39:18 executing program 4:
syz_emit_ethernet(0x300b22, &(0x7f0000000080)={@local, @empty, [], {@arp={0x806, @ether_ipv4={0xf000, 0x6000, 0x6, 0x4, 0x0, @local, @dev, @dev}}}}, 0x0)

04:39:18 executing program 2:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0)
r1 = dup2(r0, r0)
ioctl$EVIOCGMASK(r1, 0x80104592, 0x0)

04:39:18 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:18 executing program 4:

04:39:19 executing program 5:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socket$bt_rfcomm(0x1f, 0x0, 0x3)

04:39:19 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:19 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
r1 = dup2(r0, 0xffffffffffffffff)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0)

04:39:19 executing program 1:

04:39:19 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:19 executing program 2:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
epoll_create(0x0)
r0 = socket$key(0xf, 0x3, 0x2)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
getsockname(r0, &(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, &(0x7f0000000240)=0x80)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000004c0)='\x00', 0xffffffffffffffff}, 0x30)
getresuid(&(0x7f0000000580), &(0x7f00000005c0), &(0x7f0000000600))
lstat(&(0x7f0000000640)='./bus\x00', &(0x7f0000000680))
gettid()
r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0)
write$binfmt_aout(r2, &(0x7f0000000c40)=ANY=[@ANYBLOB="00db3e34f9fac2b839eb3455d72f9527de4211d4e737ff10bf66a096b93cc21f3b6ae8a1209b80de849500000000000000000047a18a4e5aeca69944f20da3fcb4af4e0076ccc73f13f0f19107a88840d2d0e930428c72311e2554b6677bee65"], 0x60)
perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unlink(&(0x7f0000001e00)='./bus\x00')
sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)

04:39:19 executing program 5:

04:39:19 executing program 5:

04:39:19 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

[  184.162155][ T8017] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8017
[  184.172156][ T8017] caller is ip6_finish_output+0x335/0xdc0
[  184.177909][ T8017] CPU: 0 PID: 8017 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19
[  184.186922][ T8017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  184.196976][ T8017] Call Trace:
[  184.200286][ T8017]  dump_stack+0x172/0x1f0
[  184.204610][ T8017]  __this_cpu_preempt_check+0x246/0x270
[  184.210144][ T8017]  ip6_finish_output+0x335/0xdc0
[  184.215083][ T8017]  ip6_output+0x235/0x7f0
[  184.219411][ T8017]  ? ip6_finish_output+0xdc0/0xdc0
[  184.224668][ T8017]  ? ip6_fragment+0x3980/0x3980
[  184.229510][ T8017]  ip6_xmit+0xe41/0x20c0
[  184.233748][ T8017]  ? ip6_finish_output2+0x2550/0x2550
[  184.239107][ T8017]  ? mark_held_locks+0xf0/0xf0
[  184.243857][ T8017]  ? ip6_setup_cork+0x1870/0x1870
[  184.248878][ T8017]  inet6_csk_xmit+0x2fb/0x5d0
[  184.253542][ T8017]  ? inet6_csk_update_pmtu+0x190/0x190
[  184.258987][ T8017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  184.265216][ T8017]  ? csum_ipv6_magic+0x20/0x80
[  184.269984][ T8017]  __tcp_transmit_skb+0x1a32/0x3750
[  184.275165][ T8017]  ? tcp_connect+0x1184/0x4280
[  184.279920][ T8017]  ? __tcp_select_window+0x8b0/0x8b0
[  184.285188][ T8017]  ? lockdep_hardirqs_on+0x418/0x5d0
[  184.290458][ T8017]  ? trace_hardirqs_on+0x67/0x230
[  184.295469][ T8017]  ? tcp_rbtree_insert+0x188/0x200
[  184.300581][ T8017]  tcp_connect+0x2e18/0x4280
[  184.305178][ T8017]  ? tcp_push_one+0x110/0x110
[  184.309855][ T8017]  ? secure_tcpv6_ts_off+0x24f/0x360
[  184.315128][ T8017]  ? secure_dccpv6_sequence_number+0x280/0x280
[  184.321449][ T8017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  184.327674][ T8017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  184.333897][ T8017]  ? prandom_u32_state+0x13/0x180
[  184.338967][ T8017]  tcp_v6_connect+0x150b/0x20a0
[  184.344013][ T8017]  ? tcp_v6_conn_request+0x2b0/0x2b0
[  184.349298][ T8017]  __inet_stream_connect+0x83f/0xea0
[  184.354709][ T8017]  ? tcp_v6_conn_request+0x2b0/0x2b0
[  184.359979][ T8017]  ? __inet_stream_connect+0x83f/0xea0
[  184.365534][ T8017]  ? mark_held_locks+0xa4/0xf0
[  184.370285][ T8017]  ? inet_dgram_connect+0x2e0/0x2e0
[  184.375664][ T8017]  ? lock_sock_nested+0x9a/0x120
[  184.380703][ T8017]  ? trace_hardirqs_on+0x67/0x230
[  184.385708][ T8017]  ? lock_sock_nested+0x9a/0x120
[  184.390628][ T8017]  ? __local_bh_enable_ip+0x15a/0x270
[  184.396078][ T8017]  inet_stream_connect+0x58/0xa0
[  184.401014][ T8017]  __sys_connect+0x266/0x330
[  184.405591][ T8017]  ? __ia32_sys_accept+0xb0/0xb0
[  184.410514][ T8017]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  184.416753][ T8017]  ? put_timespec64+0xda/0x140
[  184.421651][ T8017]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  184.427100][ T8017]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  184.432544][ T8017]  ? do_syscall_64+0x26/0x610
[  184.437231][ T8017]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  184.443277][ T8017]  ? do_syscall_64+0x26/0x610
[  184.447943][ T8017]  __x64_sys_connect+0x73/0xb0
[  184.452692][ T8017]  do_syscall_64+0x103/0x610
[  184.457270][ T8017]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  184.463142][ T8017] RIP: 0033:0x4582b9
[  184.467021][ T8017] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  184.486804][ T8017] RSP: 002b:00007f9d55882c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  184.495307][ T8017] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  184.503370][ T8017] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000003
04:39:19 executing program 1:

[  184.511327][ T8017] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  184.519283][ T8017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d558836d4
[  184.527238][ T8017] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
04:39:19 executing program 5:

04:39:19 executing program 1:

04:39:19 executing program 5:

[  184.870327][ T8017] BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/8017
[  184.880085][ T8017] caller is ip6_finish_output+0x335/0xdc0
[  184.886020][ T8017] CPU: 0 PID: 8017 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190405 #19
[  184.895063][ T8017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  184.902456][ T8027] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  184.905123][ T8017] Call Trace:
[  184.905176][ T8017]  dump_stack+0x172/0x1f0
[  184.905202][ T8017]  __this_cpu_preempt_check+0x246/0x270
[  184.905222][ T8017]  ip6_finish_output+0x335/0xdc0
[  184.932331][ T8017]  ip6_output+0x235/0x7f0
[  184.936789][ T8017]  ? ip6_finish_output+0xdc0/0xdc0
[  184.942523][ T8017]  ? ip6_fragment+0x3980/0x3980
[  184.947477][ T8017]  ip6_xmit+0xe41/0x20c0
[  184.947501][ T8017]  ? ip6_finish_output2+0x2550/0x2550
[  184.954758][ T8027] FAT-fs (loop0): Filesystem has been set read-only
[  184.957163][ T8017]  ? mark_held_locks+0xf0/0xf0
[  184.957186][ T8017]  ? ip6_setup_cork+0x1870/0x1870
[  184.957219][ T8017]  inet6_csk_xmit+0x2fb/0x5d0
[  184.957239][ T8017]  ? inet6_csk_update_pmtu+0x190/0x190
[  184.973758][ T8017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  184.973787][ T8017]  ? csum_ipv6_magic+0x20/0x80
[  184.973808][ T8017]  __tcp_transmit_skb+0x1a32/0x3750
[  184.973825][ T8017]  ? tcp_connect+0x1184/0x4280
[  185.001035][ T8027] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
[  185.005260][ T8017]  ? __tcp_select_window+0x8b0/0x8b0
[  185.005275][ T8017]  ? lockdep_hardirqs_on+0x418/0x5d0
[  185.005290][ T8017]  ? trace_hardirqs_on+0x67/0x230
[  185.005307][ T8017]  ? tcp_rbtree_insert+0x188/0x200
[  185.005323][ T8017]  tcp_connect+0x2e18/0x4280
[  185.005349][ T8017]  ? tcp_push_one+0x110/0x110
[  185.005364][ T8017]  ? secure_tcpv6_ts_off+0x24f/0x360
[  185.005379][ T8017]  ? secure_dccpv6_sequence_number+0x280/0x280
[  185.005398][ T8017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  185.061255][ T8017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  185.067510][ T8017]  ? prandom_u32_state+0x13/0x180
[  185.072643][ T8017]  tcp_v6_connect+0x150b/0x20a0
[  185.077513][ T8017]  ? tcp_v6_conn_request+0x2b0/0x2b0
[  185.082842][ T8017]  __inet_stream_connect+0x83f/0xea0
[  185.088135][ T8017]  ? tcp_v6_conn_request+0x2b0/0x2b0
[  185.093525][ T8017]  ? __inet_stream_connect+0x83f/0xea0
[  185.098993][ T8017]  ? mark_held_locks+0xa4/0xf0
[  185.103765][ T8017]  ? inet_dgram_connect+0x2e0/0x2e0
[  185.108992][ T8017]  ? lock_sock_nested+0x9a/0x120
[  185.113941][ T8017]  ? trace_hardirqs_on+0x67/0x230
[  185.118975][ T8017]  ? lock_sock_nested+0x9a/0x120
[  185.124277][ T8017]  ? __local_bh_enable_ip+0x15a/0x270
[  185.129668][ T8017]  inet_stream_connect+0x58/0xa0
[  185.134618][ T8017]  __sys_connect+0x266/0x330
[  185.139219][ T8017]  ? __ia32_sys_accept+0xb0/0xb0
[  185.144161][ T8017]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  185.150579][ T8017]  ? put_timespec64+0xda/0x140
[  185.155365][ T8017]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  185.160828][ T8017]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  185.166378][ T8017]  ? do_syscall_64+0x26/0x610
[  185.171067][ T8017]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  185.177141][ T8017]  ? do_syscall_64+0x26/0x610
[  185.181919][ T8017]  __x64_sys_connect+0x73/0xb0
[  185.186691][ T8017]  do_syscall_64+0x103/0x610
[  185.191290][ T8017]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  185.197188][ T8017] RIP: 0033:0x4582b9
[  185.201094][ T8017] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
04:39:20 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

04:39:20 executing program 4:

04:39:20 executing program 1:

04:39:20 executing program 5:

[  185.220707][ T8017] RSP: 002b:00007f9d55882c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  185.229127][ T8017] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  185.237106][ T8017] RDX: 000000000000001c RSI: 0000000020000080 RDI: 0000000000000004
[  185.245086][ T8017] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  185.253065][ T8017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d558836d4
[  185.261053][ T8017] R13: 00000000004be64c R14: 00000000004cf1e0 R15: 00000000ffffffff
04:39:20 executing program 2:

04:39:20 executing program 1:

04:39:20 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x22)

04:39:20 executing program 5:

04:39:20 executing program 4:

04:39:20 executing program 1:

04:39:20 executing program 5:

04:39:20 executing program 2:

04:39:20 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:20 executing program 5:

04:39:20 executing program 4:

04:39:20 executing program 1:

04:39:20 executing program 2:

04:39:20 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:21 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
write$binfmt_aout(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:21 executing program 2:

04:39:21 executing program 1:

04:39:21 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:21 executing program 4:

04:39:21 executing program 5:

04:39:21 executing program 1:

04:39:21 executing program 2:

04:39:21 executing program 4:

04:39:21 executing program 5:

04:39:21 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:21 executing program 1:

04:39:22 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
ioctl$sock_ifreq(r0, 0x8000200008924, &(0x7f0000000000)={'batadv0\x00', @ifru_settings={0x1, 0xff, @fr_pvc=0x0}})

04:39:22 executing program 5:

04:39:22 executing program 4:

04:39:22 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:22 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:22 executing program 1:

[  186.879727][ T8116] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17)
[  186.888836][ T8116] FAT-fs (loop0): Filesystem has been set read-only
[  186.897810][ T8116] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17)
04:39:22 executing program 5:

04:39:22 executing program 1:

04:39:22 executing program 4:

04:39:22 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:22 executing program 5:

04:39:22 executing program 1:

04:39:22 executing program 2:

04:39:22 executing program 4:

04:39:22 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:22 executing program 1:

04:39:22 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70)

04:39:22 executing program 5:

04:39:22 executing program 2:

04:39:22 executing program 4:

04:39:22 executing program 1:

04:39:22 executing program 4:

04:39:22 executing program 2:

04:39:22 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70)

04:39:22 executing program 5:

04:39:22 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000280)='./file0\x00', 0x1fe, 0xfffffffffffffffd)
sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe)

04:39:22 executing program 5:

04:39:22 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70)

04:39:22 executing program 4:

04:39:22 executing program 2:

04:39:22 executing program 1:

04:39:22 executing program 4:

04:39:22 executing program 1:

04:39:22 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0xffffffb6}}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70)

04:39:22 executing program 5:

04:39:22 executing program 2:

04:39:22 executing program 0:
signalfd4(0xffffffffffffffff, 0x0, 0x3e4, 0x0)
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x10, 0x0)
fstat(0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000880)=ANY=[@ANYBLOB="004548963e094b9bf04dab827d472fdb53082d57e9bebf830c90f6603be2eb1d069f4645e1e1c8461640a35b646e12ad54291b985acd29b5c1e249ca72ec5dea621d1384ec0846abae8d38c5503eec93ca3bfa7148d5ea5ee3373999fee2e2d5f022b31564f2b6018d58084a96ec22ad06daab5eecc033a048c958fae225025b1eff2cddc9105e15afec33d72d3f384b16fa628bc97adfc0b7146704f07516eb2b1d4ce420f12be010ef17dfa412aca805416a02be0d783c8caca3d7f391d7c143a70b5820ef6919de293c3999b1810f854832da53504bda304b16e286"], 0xdd)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe)